Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. MFA on-premises use security questions for fallback

    In the on-premises MFA server there's the ability to enable "use security questions for fallback". This is great but only works for newly imported accounts. Can this be enforced on all users?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. On-Premises MFA logging, user change MFA method

    There's much logging in the on-premises MFA server, but it's missing the change for MFA method by the enduser at the moment. Can be handy for traceback (including the machine name from which the change has been made) and seeing if there's a possible identity theft.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. MFA

    Update the Multi Factor Authentication (MFA) Gui so we can see any account that is NOT enabled or enforced. Seems like a basic setting but I cannot find any resource to help identify these risks and it is troubling (and manual).

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. MFA by device not per application

    We are piloting MFA with auth expiry every 7 days. Currently every 7 days we have to log into ever single app using MFA (word, excel, onedrive, onenote etc etc) every 7 days on both our laptops and our mobile devices.

    It would seem reasonable for the apps on each device to have a share session that expired every 7 days instead.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Provide Multi Factor Auth for Microsoft Accounts when logging into the Azure Portal

    Currently multi factor authentication can be enabled for accounts created in Azure AD, for securing login to the Azure Portal. However Microsoft accounts such as user@live.com can not have multi factor authentication enabled for them. This creates a security risk for those that may not have organization ID for the tenant they are working in, or the Microsoft Account has been granted co-admin or RBAC access to other subscriptions.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Backup Codes for Azure MFA

    Please add support for "Backup Codes" to Azure MFA as soon as possible. Many popular MFA services already support Backup Codes, basically a list of 10 valid authentication codes that a user can print off and use in situations where there regular authentication method is not available.

    Use cases for backup codes include:

    - User's mobile phone is lost, stolen, or damaged.
    - User will be in an area with out good mobile phone service or consistent access to a land line.
    - Users let's mobile phone battery drain..

    63 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →

    There is planned work to address this scenario. We don’t feel that backup codes provide a good security option as they’re often misplaced. Also, it’s hard to have users print them out and have them when they’re needed. Instead, we are looking at a time-limited passcode that could be generated either by the user (just in time when it’s needed) or by an admin (for example a helpdesk agent). The organization admin would have control over when a user could generate these codes. The code can be used for a limited time, then it will no longer be valid.

    Note – for areas with limited cellphone connectivity (or roaming charges), the code generated in the authenticator app will allow MFA login. The time-limited passcode is meant to stand in if the user temporarily forgot/lost their phone.

    Richard

  7. Windows Authentication for Terminal Services support for Windows Server 2012 R2

    Windows Authentication for Terminal Services support for Windows Server 2012 R2

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Provide MFA Reports via API or reporting services

    Currently we pull a daily user detail report from the MFA portal and add it to a spreadsheet we then visualise with Power BI. It allows us to monitor the success/failure rate across authentication methods. Linked to an AD extract it also allows us to report based on country.

    It would be useful if the report data could be obtained via API to automate the collection of this data

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. Use Cortana's voice for Azure MFA phone verification/callback service

    Azure MFA already has support for custom voice messages [1].

    To provide a consistent experience across all Windows 10 devices, it would be neat if the Azure MFA callback service had Cortana's voice.

    This would also allow Azure MFA to benefit from the Cortana accent regionalisation efforts (American English for en-us, Australian English for en-au).

    [1] https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-whats-next/#custom-voice-messages

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. Update MFA Server documentation to cover all features and configuration options

    The documentation for Azure MFA Server seems very incomplete. Just to mention a few:
    Proper descriptions for "Phone Factor Admins" group, AD requirements and changes is completely missing.
    No documentation can be found for available tags that can be used for dynamically adding information in emails.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. phone factor

    Surface/expose Azure MFA (Phone Factor) attribute data in GRAPH to facilitate API-based manipulation and mitigate some of the current limitations in RBAC within "cloud only" deployments of the Azure MFA service.

    116 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    19 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. need new Authenticator QR code

    can't find where to get new Authenticator QR code after updating Windows Phone in new portal. Tried search no matches found.
    Expect it under Profile Management.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Azure AD App Proxy - Login with MFA Code Only

    Please add an access option which requires username and Azure Multi-Factor Authentication only.

    This should not authenticate users to any other part of the platform. It should behave like a page which does not require authentication - except for requiring the user to pass a MFA check.

    The reason for this is we wish to present an internal password change page to the Internet. We want users to provide MFA credentials before they access the page, but they won't be able to pass the primary password login because it is expired.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Set context/description for MFA bypass IP address subnets

    It would me great, if Microsoft would provide a field that would provide IT security admin to set a description for the IP address subnets that he/she is white listing for MFA byPass.

    Basically just the same as the Azure AD Reporting team did for trusted locations.

    Thanks!

    @Shawn Bishop

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. Azure AD MultiFactor OP server uses Azure portal for mobile app

    I cannot fathom how Microsoft can "Windows Azure Multi-Factor Authentication Server" which is not connected to Azure AD in any way. Why do you have to install a web site application/portal for users to register and configure access to the OP auth server. It's a farse to bill this as an Windows Azure feature. Every configuration is completely separate from Azure. The Authentication server should respect the Azure AD enabled users, their MFA settings and the Azure portal for Mobile app integration. The design of this "server" removes any benefit of using Azure AD with AD connect.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. Set UK Phone Number as Caller ID for Azurre Multi-Factor Authentication

    As our customer base is entirely in the UK we would like to set the caller ID to be from a UK number so that customers feel more assured about the two factor process.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. Set Default Country Code in Azure MFA

    When importing users from AD, if the country code isn't included in attribute Azure MFA will set the country code to +1(USA).
    Can a feature be added to allow the default country code to be set a the global level. So that in our case we could set all number to default to +44(Great Britain) .

    59 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow AD attributes to be passed to RADIUS clients in Azure MFA

    Azure MFA can pass static values to radius clients, could this be expanded to pass values stored as AD attributes from the authenticated user on to the client.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add support for Flash SMS messages in Microsoft Azure MFA (Both Cloud and On-Prem)

    Add support for Flash SMS messages in Microsoft Azure MFA (Both Cloud and On-Prem)

    @Shawn Bishop / Nitika Gupta

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow the User Admin role to Enable/Disable MFA for users

    Managing MFA settings for users seems to fit the scope of the User Admin role. I don't think this activity should require Global Admin access.

    870 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    177 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base